Dr. John Shovic, Eastern Washington University (EWU) Computer Science professor, allows his network security students to put him through hell as part of their final grade. "I specifically grant students permission to try to get me to catch their computer viruses," says Shovic. "If I catch the virus, they get an automatic 'A' in the class." To fool Shovic, students have to be "fiendishly clever," but three have earned their automatic 'A' in the past two years. The three had different approaches --- "social engineering," "phishing," and direct forgery of an e-mail address.

Dr. Shovic, professor of cyber security and co-founder of several Inland Northwest businesses, will give a presentation on Tuesday, Oct. 19 at 11:30 a.m. at the Ridpath Hotel. Shovic will provide a non-technical overview of wireless security and how businesses, as well as homes, can protect themselves. He will invite questions and discussion. His presentation will be part of "Eastern Edge: Wireless Security" a program by Eastern Washington University in partnership with the Spokane Area Economic Development Council.

Shovic uses a "closed system" laboratory in the SIRTI Building on the Riverpoint Campus for his cyber security class. This network security pod cluster includes twenty-two computers in a highly configurable network environment. There are two racks of state-of-the-art computer servers for research and teaching of Network Security and Information Warfare. Shovic teaches both attack and defense. The entire system is firewalled, and has physical and VLAN isolation. They divided the network into the "Blue Team" and the "Red Team", and the teams run attacks back and forth to learn, especially, how to defend against an attack.

The unique firewall and inter-networking setup allows computers to be selectively exposed to the Internet, and actual attacks from hackers can be studied and catalogued. "We can put one computer out on the Internet, and then use the others to monitor and wait for the computer to be hacked," says Shovic. "Put an unprotected Linux or Windows machine out --- exposed to the network --- and it's a matter of hours before you have a hacked computer and somebody from Russia is storing stolen movies on your machine and using your machine to hack computers at some company in Japan." "As you might expect," Shovic continues, "it is great fun for the students and the professor to watch this being done in a safe environment."

It is important to note that this system is completely separate from all other university administration and student networks. "No one can screw up a whole building when an experiment goes awry."

Shovic's classes also study wireless security. At the beginning of the class, each student is given a complete "sniffing" system for a laptop that allows them to monitor the wireless world around them. They quickly learn that most hotspots are non-encrypted. This means that someone with a neighboring laptop can watch every Web site surfed, every e-mail sent from a POP3 client, and can even hijack encrypted communications in some cases --- for example secure Web sites. According to Shovic, one student checked out Internet kiosks in a large airport and found that the kiosks were sending credit cards, names and PIN numbers in the CLEAR.

Then there's "drive by hacking." On a class war drive, they found that 70% of wireless networks in Spokane were wide open. This allows the unethical to park outside of somebody's house, and use their Internet connection to download music, movies, even pornography. "The bottom line," says Shovic, "is turn on the encryption on any wireless network you use. It isn't difficult, and it gives you a lot more security."

This EWU fall quarter, Shovic is teaching Information Warfare (CSCD 539) in which he teaches hacking techniques and how to defend against them. "We hack lab computers and break into test systems, all the while monitoring the results and understanding how to build a solid legal case against them." Students learn how to do forensic analysis of computers, how to determine how the computer security was broken, and then how to follow the 'fingerprints' that the hackers leave in the computer. Computer ethics, respect and adherence to the law, and "what are the laws about hacking" are topic throughout all of Shovic's classes. All classes are on the Riverpoint Campus.